On Saturday 11 November 2006 01:25, Daryl C. W. O'Shea wrote:
Julian Mehnle wrote:
- in a very large number of cases we can't trust the Received-SPF
header since the Received-SPF header (like DK/DKIM headers and most
other stuff's headers) are usually placed before (in time, ie below)
the trusted MX's Received header
According to RFC 4408, section 7, the "Received-SPF" header "SHOULD be
prepended to the existing header, above the Received: field that is
generated by the SMTP receiver."
I think it would be acceptable (and I would actually recommend) to ignore
any "Received-SPF" headers that are below the trusted MX's "Received"
header.
The current problem is, as I'm seeing it anyway, that very few setups
are actually doing this. The closest I've noticed so far is qmail
throwing the Received-SPF header in between one of the eight thousand
(mostly useless) Received headers qmail adds for each physical hop.
I'm not even sure that you can actually do it with the current Sendmail
milter interface. I'm not aware of a way to do it, but I haven't read
any documentation on it in quite some time.
If this is happening, or starts to happen, I'd probably implement
re-using the Received-SPF headers (where appropriate) pretty quickly.
The current version of postfix-policyd-spf-perl supports this. It's available
here, http://new.openspf.org/source/software/postfix-policyd-spf-perl/tags/,
or on CPAN.
PySPF supports received-spf. I have developing a patch for tumgreyspf on my
to do list. It won't be very hard once I find the time.
I haven't done any programming on Milters, but I believe that pymilter adds
the received header, http://www.bmsi.com/python/milter.html.
Scott K
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to http://v2.listbox.com/member/?list_id=735